mapping of openstack load balancing api€¦ · interface or using a soap (xmlapi) or rest (nitro)...

Mapping of

OpenStack Load

Balancing API

Table of Contents Overview ....................................................................................... 1 1.

HA Proxy ............................................................................... 1 1.1.

NetScaler .............................................................................. 1 1.2.

API Operation Mappings ................................................................... 2 2.

List LoadBalancers .................................................................. 2 2.1.

HA Proxy ....................................................................................... 2

NetScaler (CLI) ............................................................................... 3

List LoadBalancer Details ......................................................... 3 2.2.

HA Proxy ....................................................................................... 4

NetScaler (CLI) ............................................................................... 4

Create LoadBalancer ............................................................... 4 2.3.

HA Proxy ....................................................................................... 5

NetScaler (CLI) ............................................................................... 6

Remove Load Balancer ............................................................ 6 2.4.

HA Proxy ....................................................................................... 6

NetScaler (CLI) ............................................................................... 7

List, Add, Modify, and Remove Nodes ........................................ 7 2.5.

2.5.1. List Nodes ........................................................................ 7

HA Proxy ....................................................................................... 8

NetScaler (CLI) ............................................................................... 8

2.5.2. Add Nodes ....................................................................... 8

HA Proxy ....................................................................................... 9

NetScaler (CLI) ............................................................................... 9

2.5.3. Modify Node ..................................................................... 9

HA Proxy ...................................................................................... 10

NetScaler (CLI) .............................................................................. 10

2.5.4. Remove Node .................................................................. 11

HA Proxy ...................................................................................... 11

NetScaler (CLI) .............................................................................. 11

Update Load Balancer Attributes .............................................. 11 2.6.

HA Proxy ...................................................................................... 12

NetScaler (CLI) .............................................................................. 12

Usage Reporting .................................................................... 13 2.7.

HA Proxy ...................................................................................... 13

Active Health Monitoring ......................................................... 14 2.8.

2.8.1. Connection Monitor .......................................................... 15

HA Proxy ...................................................................................... 15

NetScaler (CLI) .............................................................................. 16

2.8.2. HTTP/HTTPS Monitor ........................................................ 16

HA Proxy ...................................................................................... 16

NetScaler (CLI) .............................................................................. 17

Session Persistence ............................................................... 18 2.9.

HA Proxy ...................................................................................... 18

NetScaler (CLI) .............................................................................. 19

Connection Logging ............................................................... 20 2.10.

2.10.1. Enable or Disable Connection Logging on a Load Balancer ..... 20

HA Proxy ...................................................................................... 20

NetScaler (CLI) .............................................................................. 21

Connection Throttling ............................................................. 22 2.11.

2.11.1. Update Connection Throttling configuration ......................... 22

HA Proxy ...................................................................................... 22

NetScaler (CLI) .............................................................................. 23

Load Balancing Protocols ........................................................ 24 2.12.

HA Proxy ...................................................................................... 24

NetScaler (CLI) .............................................................................. 25

Load Balancing Algorithms ...................................................... 25 2.13.

HA Proxy ...................................................................................... 26

NetScaler (CLI) .............................................................................. 26

Load Balancer Status ............................................................. 27 2.14.

HA Proxy ...................................................................................... 27

NetScaler (CLI) .............................................................................. 28

Node Condition ...................................................................... 29 2.15.

HAProxy ....................................................................................... 29

NetScaler (CLI) .............................................................................. 29

1

Overview 1.

This document demonstrates the mapping of the OpenStack Load Balancing

core API proposal to the equivalent configurations on 2 widely used load

balancers:

HA Proxy

Citrix NetScaler

HA Proxy 1.1.HAProxy is an open source load balancer that can run as a daemon on Linux.

Because HAProxy has a limited CLI mode (using Unix stats sockets) and

doesn’t have an API, all configuration operations for mapping the OpenStack

LB API would be performed through editing the HAProxy configuration file

and restarting the HAProxy daemon.

NetScaler 1.2.NetScaler is a Citrix product that comes in the form of hardware appliances

(NetScaler MPX range) and soft appliances (NetScaler VPX).

The NetScaler product has a long list of L2 to L7 features beyond load

balancing, such as SSL Offload, AppFirewall, Caching, Compression,

Rewriting engine, VPNs, and many others.

All NetScaler features can be configured either through the CLI, a Web GUI

interface or using a SOAP (XMLAPI) or REST (Nitro) API.

The Load Balancing feature is configured by creating LB vservers and binding

service groups to them (representing backend nodes).

In this document, we will use CLI commands for brevity to show the mapping

from the OpenStack API, even though NetScaler’s REST API (Nitro) will be

appropriate to use in an implementation of the LB service.

2

API Operation Mappings 2.

List LoadBalancers 2.1.

Example: List Load Balancers Response: XML

HA Proxy

The LB service will need to find all the “listen” or “frontend” sections in the

HAProxy configuration file and parse their content, like the following section.

Verb

URI Description Representation

GET /loadbalancers List all

loadbalancers configured for an

account

XML, JSON

<?xml version="1.0" encoding="UTF-8"?>

<loadBalancers xmlns="http://docs.openstack.org/loadbalancers/api/v1.0">

<loadBalancer id="71" name="lb-site1" status="ACTIVE"

protocol="HTTP" port="80" algorithm="ROUND_ROBIN">

<virtualIp address="206.55.130.2" ipVersion="IPV4" type="PUBLIC" />

<cluster name="dc-eastcoast-4" />

<created time="2010-11-29T17:31:41Z" />

<updated time="2010-11-30T08:35:15Z" />

</loadBalancer>

<loadBalancer id="166" name="lb-site2" status="ACTIVE"

protocol="HTTP" port="80" algorithm="LEAST_CONNECTIONS">


<cluster name="dc-eastcoast-4" />

<created time="2010-11-30T03:23:42Z" />

<updated time="2010-11-30T03:23:44Z" />

</loadBalancer>

</loadBalancers>

listen lb-3271 206.55.130.2:80

mode http

…

…

3

NetScaler (CLI)

The LB service uses the “show lb vserver” CLI command to returns details all

lbvservers on NetScaler, which can be filtered for those belonging to the user

account.

List LoadBalancer Details 2.2.

Example: List Load Balancer Details Response: XML

HTTP Request: GET /loadbalancers/71

HTTP Request Body

Verb


GET /loadbalancers/loadBalancerId List details of the specified

load balancer

XML, JSON


<loadBalancer xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" id="71" name="lb-site1"

status="ACTIVE" protocol="HTTP" port="80" algorithm="ROUND_ROBIN">


<nodes>

<node id="1041" address="10.1.1.1" port="80" condition="ENABLED" status="ONLINE" />


</nodes>

<sessionPersistence persistenceType="HTTP_COOKIE" />

<connectionLogging enabled="true" />

<cluster name="c1.dfw1" />

<created time="2010-11-30T03:23:42Z" />

<updated time="2010-11-30T03:23:44Z" />

</loadBalancer>

show lb vserver

4

HA Proxy

The LB service will need to find the “listen” section that corresponds to the

requested load balancer.

The listen section should include all the settings, including those for the

nodes of the load balancer which would be represented by the “server”

directives in these sections.

NetScaler (CLI)

On NetScaler, the LB service uses the “show lb vserver <name>” CLI

command to return the lb vserver that corresponds to the load balancer. It is

the responsibility of the LB service to decide how to maintain a mapping

between the load balancer id and the resources on NetScaler such as the

corresponding lb vserver.

From the previous command, one can also find out the services bound to the

lbvserver. For each service, one can get the details of the service (node)

using the “show service” command:

Create LoadBalancer 2.3.

Verb


POST

/loadbalancers Create a new load

balancer with the configuration

XML, JSON

show lb vserver lb-4532

listen a-new-loadbalancer 206.55.130.2:80

mode http

show service node-1421


5

Example: Create Load Balancer (Required Attributes) Request: XML

HTTP Request: POST /loadbalancers

HTTP Request Body

HA Proxy

The LB service needs to allocate a Virtual IP from its “PUBLIC” pool of IPs,

and configure a “listen” section in the HAProxy configuration file that

corresponds to the created load balancer.

Example

The LB service will also need to allocate an ID to the newly created load

balancer and associate the resources created on HAProxy with this ID.

defined by the

request.


<loadBalancer xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" id="71" name="a-new-

loadbalancer" protocol="HTTP" port="80" algorithm="ROUND_ROBIN">

<virtualIp type="PUBLIC" />

<nodes>

<node address="10.1.1.1" port="80" />


</nodes>

</loadBalancer>


mode http

balance roundrobin

server 71-node1 10.1.1.1:80

server 71-node2 10.1.1.2:8080

6

NetScaler (CLI)

The LB service needs to allocate a Virtual IP from its “PUBLIC” pool of IPs and

then use the “add lb vserver” and “add service” CLI commands to create an

lbvserver and services (nodes), and then bind the services to the lbvserver.

The LB service will also need to allocate an ID to the newly created load

balancer and associate the resources created on NetScaler with this ID.

Remove Load Balancer 2.4.

HTTP Request: DELETE /loadbalancers/71

HA Proxy

The LB service will locate and remove the “listen” section in the HAProxy

configuration file that corresponds to the load balancer.

Verb URI Description

DELETE

/loadbalancers/loadBalancerId Removes a

loadbalancer from an account

add lb vserver a-new-loadbalancer http 206.55.130.2 80 –lbmethod

roundrobin

add service 71-node1 10.1.1.1 80

add service 71-node2 10.1.1.2 8080

bind lb vserver a-new-loadbalancer 71-node1

bind lb vserver a-new-loadbalancer 71-node2


mode http

balance roundrobin

server 71-node1 10.1.1.1:80

server 71-node2 10.1.1.2:8080

7

NetScaler (CLI)

The LB service locates the name of the lb vserver corresponding to the load

balancer, and then uses the “rm lb vserver” and “rm service” CLI commands

to remove the lbvserver and services (nodes).

List, Add, Modify, and Remove Nodes 2.5.

2.5.1. List Nodes

Example: List Node: XML

HTTP Request: GET /loadbalancers/71/nodes

HTTP Response Body

Verb URI Description Representation

GET

/loadbalancers/loadBalancerId/nodes

List nodes configured for the load balancer.

XML, JSON


<nodes xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" >



</nodes>

rm lb vserver a-new-loadbalancer

rm service 71-node1

rm service 71-node2

8

HA Proxy

The LB service will locate the “listen” section corresponding to the load

balancer in the HAProxy configuration file and enumerate all the “server”

entries in it.

Example

NetScaler (CLI)

The LB service needs to find the name of the lb vserver corresponding to the

load balancer, and then uses the “show lb vserver” to retrieve services bound

to the lbvsever. It can then fetch the details of each service corresponding to

a node of the load balancer using the “show service” command.

2.5.2. Add Nodes

Example: Add Nodes Request: XML

HTTP Request: POST /loadbalancers/71/nodes

HTTP Request Body


POST

/loadbalancers/loadBalance

rId/nodes

Add nodes to the load

balancer.

XML, JSON

show lb vserver a-new-loadbalancer



listen lb-71 206.55.130.2:80

mode http

balance roundrobin

server node-1421 10.1.1.1:80

server node-1422 10.1.1.2:8080

9

HA Proxy

The LB service will allocate an ID for each node, and will locate the “listen”

section corresponding to the load balancer in the HAProxy configuration file

and add “server” entries in it.

NetScaler (CLI)

The LB service will allocate an ID for each node, and uses the “add service”

command to create new services. It will then need to locate the lb vserver

corresponding to the load balancer and use “bind lb vserver” command to

bind the created services to that lbvserver.

2.5.3. Modify Node


PUT /loadbalancers/loadBalance

rId/nodes/nodeId

Modifies attributes of

a balancer’s node.

XML, JSON


<nodes xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" >


<node address="10.1.1.10" port="80" weight="2" />

</nodes>

add service node-352 http 10.1.1.5 80

add service node-463 http 10.1.1.10 80

bind lbvserver lb-71 node-352

bind lbvserver lb-71 node-463 –weight 2

listen lb-71 206.55.130.2:80

mode http

balance roundrobin

server node-352 10.1.1.5:80

server node-463 10.1.1.10:80 weight 2

10

Example: Modify Node Request: XML

Request URL: PUT /loadbalancers/4532/nodes/271

Request Body

HA Proxy


balancer 4532 in the HAProxy configuration file and identify the “server”

entry in it that corresponds to the load balancer’s node 271, and modifies it

accordingly.

NetScaler (CLI)

The LB service uses the “set service” command or “enable/disable service”

command to change attributes or state of a service corresponding to a load

balancer’s node.

To change the weight of a node, you need to locate the service

corresponding to the node, change the service binding to the lbvserver

corresponding to the load balancer by removing the existing binding and

creating a new one with the desired weight value.


<node xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" condition=" DISABLED" />

disable service node-271

listen lb-4532 206.55.130.2:80

mode http

balance roundrobin

server node-271 10.1.1.15:80

unbind lb vserver lb-4532 node-271

bind lb vserver lb-4532 node-271 –weight 4

11

2.5.4. Remove Node

Example: Remove Node Request

Request URL: DELETE /loadbalancers/4532/nodes/271

HA Proxy


balancer 4532 in the HAProxy configuration file and identify the “server”

entry in it that corresponds to the load balancer’s node 271, and removes it.

NetScaler (CLI)

The LB service uses the “rm service” command to remove a service

corresponding to node 271.

Update Load Balancer Attributes 2.6.

Verb URI Description

DELETE

/loadbalancers/loadBalancerId/nodes/nodeId Removes a loadbalancer from an

account

Verb


PUT

/loadbalancers/loadBalancerId Update the

properties of the load

balancer

XML, JSON

rm service node-271

listen lb-4532 206.55.130.2:80

mode http

balance roundrobin

server node-271 10.1.1.15:80

12

Example: Modify LoadBalancer Request: XML

Request URL: PUT /loadbalancers/4532

Request Body

HA Proxy


balancer 4532 in the HAProxy configuration file and change it accordingly.

To change the name of load balancer, you can simply change the name in

the listen section to the new name.

NetScaler (CLI)

The LB service uses the “set lb vserver” command to change the attributes of

the lb vserver corresponding to the load balancer.

To change the name of an lb vserver, you use the rename command as

follows:

The LB service is responsible for maintaining the mapping between the load

balancer ID and the new name of the corresponding lb vserver.


<loadBalancer xmlns="http://docs.openstack.org/loadbalancers/api/v1.0"

algorithm="LEAST_CONNECTIONS" />

set lb vserver lb-4532 –lbmethod LEASTCONNECTION

listen lb-4532 206.55.130.2:80

mode http

balance leastconn

server node-271 10.1.1.15:80

rename lb vserver lb-4532 newlb-4532

13

Usage Reporting 2.7.

Example: Get Usage Response: XML

HA Proxy

HA Proxy makes its stats available from a URL on the HAProxy server itself.

The LB service will enable collecting usage (statistics) on the load balancer by

using the appropriate settings on the listen section of HA Proxy’s

configuration file. An example is shown below to enable statistics to be

collected by the LB service from URI /my_stats (a username/password can

be used to protect this URI).

The LB service will need to retrieve these stats, parse the data and format it

appropriately before returning it to the OpenStack LB client.

NetScaler (CLI)

The LB service uses the “stat lb vserver” command to obtain current

statistics corresponding to lb vserver 4532.

Verb


GET

/loadbalancers/loadBalancerId/usage

List current usage

XML, JSON


<loadBalancerRecords xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" >

<loadBalancerUsageRecord incomingTransfer="97301" outgoingTransfer="241050"

startTime="2010-12-21T12:32:07-06:00" endTime="2010-12-21T12:36:30-06:00" />

</loadBalancerRecords>

listen lb-4532 206.55.130.2:80

mode http

balance leastconn

server node-271 10.1.1.15:80

server node-563 10.1.1.14:80

stats enable

stats uri /my_stats

stats refresh 5s

14

NetScaler also supports historical usage statistics. You can use NetScaler’s

nsconmsg tool from the shell on NetScaler to display gathered statistics as

follows:

The output of this command contains a large number of usage counters for

each VIP (virtual IP address) and each service. This needs to be filtered by

the LB service for the resources that belong to the load balancer or the user

account, and then parsed to extract the required usage counters.

An example of the output of this command for one VIP:

Active Health Monitoring 2.8.


GET

/loadbalancers/loadBalancerId/healthmonitor

Retrieves the Health monitor configuration,

if one exists

XML, JSON

PUT /loadbalancers/loadBalancerId/healthmonitor

Updates the settings for a health monitor

XML, JSON

DELETE /loadbalancers/loadBalancerId/healthmonitor

Removes the health monitor

stat lb vserver lb-4532

> /netscaler/nsconmsg -K /var/nslog/newnslog -s time=22Mar2007:20:00 -T

7 -s ConLb=2 -d oldconmsg

15

2.8.1. Connection Monitor The monitor connects to each node on its defined port to ensure that the

service is listening properly. The connect monitor is the most basic type of

health check and does no post-processing or protocol specific health checks.

It includes several configurable properties:

delay: The minimum number of seconds to wait before checking the

health of a node after it is put into OFFLINE status.

timeout: Maximum number of seconds to wait for a connection to be

established before timing out.

attemptsBeforeDeactivation: Number of permissible monitor

failures before removing a node from rotation.

Example: Retrieve Health Monitor (type CONNECT): XML

URI: /loadbalancers/4532/healthmonitor

Response:

HA Proxy

The delay parameter maps to the HAProxy server’s inter parameter.

The timeout parameter maps to HAProxy’s timeout check parameter.

The attemptsBeforeDeactivation parameter maps to HAProxy’s fall parameter

on the server.

The following shows a configuration example with these parameters set in a

listen section corresponding to a load balancer.

listen lb-4532 206.55.130.2:80

mode tcp

balance leastconn

timeout check 5000

server node-271 10.1.1.1:80 check inter 10000 fall 3



<healthMonitor xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" type="CONNECT"

delay="5" timeout="10" attemptsBeforeDeactivation="3" />

16

NetScaler (CLI)

In NetScaler, to enable health monitoring on a load balancer, you need to

create an lb monitor with the required settings, and then bind the monitor to

the services of the lbvserver corresponding to the load balancer.

The delay parameter maps to a Netscaler monitor’s interval parameter.

The timeout parameter maps to a Netscaler monitor’s respTimeout

parameter.

The attemptsBeforeDeactivation parameter maps to a NetScaler monitor’s

retries parameter.

2.8.2. HTTP/HTTPS Monitor The HTTP & HTTPS monitor is a more intelligent monitor that is capable of

processing a HTTP or HTTPS response to determine the condition of a node.

It supports the same basic properties as the connect monitor and includes

three additional attributes that are used to evaluate the HTTP response.

method: The HTTP method (GET or HEAD) that will be used in the

sample request

path: The HTTP path that will be used in the sample request

Example: Update Health Monitor (type HTTPS): XML

URI: /loadbalancers/4532/healthmonitor

Request:

HA Proxy

add lb monitor connectmon-4532 tcp –resptimeout 2000 –interval 3000 –retries

3

bind service node-271 connectmon-4532

bind service node-272 connectmon-4532


<healthMonitor xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" type="HTTPS"

delay="20" timeout="3" attemptsBeforeDeactivation="5" path="/check" method="GET" />

17

The method parameter maps to the HAProxy httpchk directive.

The path parameter maps to HAProxy’s httpchk directive.

The attemptsBeforeDeactivation parameter maps to HAProxy’s fall parameter

on the server.

The following shows a configuration example with these parameters set in a

listen section corresponding to a load balancer.

Updating and deleting the health monitor translates to updates or removal of

these directives from the HA Proxy’s configuration file.

A HAProxy considers a probe successful if it receives a response with a status

code in the 2xx or 3xx range.

Summary of health monitor parameters mappings in NetScaler

HealthMonitor parameter HAProxy directive

delay inter argument on server directive

timeout timeout check directive

attemptsBeforeDeactivation fall argument on server directive

method Part of option httpchk directive

Path Part of option httpchk directive

NetScaler (CLI)

In NetScaler, the method and path parameters can be expressed on an http

monitor using the httpRequest argument, and you specify the response

status codes expected for the probe to be considered successful in the

respCode argument.

Updating and deleting the health monitor translates to updates or removal of

the corresponding NetScaler lb monitors.

listen lb-4532 206.55.130.2:80

mode http

balance leastconn

timeout check 2000

option httpchk GET /check

timeout check 3000



add lb monitor httpmon-4532 http –httpRequest "GET /check" –resptimeout 3000 –

interval 20000 –retries 5 –respCode 200-399

bind service node-271 httpmon-4532

bind service node-272 httpmon-4532

18

Summary of health monitor parameters mappings in NetScaler:

HealthMonitor parameter NetScaler Monitor argument

delay interval

timeout respTimeout

attemptsBeforeDeactivation retries

method Part of httpRequest

Path Part of httpRequest

Session Persistence 2.9.

Example: Enable session persistence: XML

URI: /loadbalancers/4532/sessionpersistence

Request:

HA Proxy

The following shows a configuration example of enabling cookie persistence

on a load balancer using the cookie directive (with the insert value) in the

listen section corresponding to the load balancer.


GET

/loadbalancers/loadBalancerId/sessionpersistence

List session persistence

configuration.

XML, JSON

PUT /loadbalancers/loadBalancerId/sessionpersistence

Enable session persistence.

XML, JSON

DELETE /loadbalancers/loadBalancerId/sessionpersistence

Disable session persistence.


<sessionPersistence xmlns="http://docs.openstack.org/loadbalancers/api/v1.0"

persistenceType="HTTP_COOKIE" />

19

This configuration inserts a cookie called “cookie-4532” into responses, and

removes this cookie from requests. The cookie will have the value “server1”

if the LB algorithm chooses node-271 for a new user, and “server2” if node-

563 is chosen. Subsequent requests from the same user will go to the same

node.

To delete session persistence on a load balancer, you remove the cookie

directive from the corresponding listen section in the configuration file and

restart HAProxy.

In addition to HTTP Cookie persistence, HAProxy supports another

persistence type: RDP cookies.

NetScaler (CLI)

To enable HTTP_COOKIE persistence on a load balancer in Netscaler, you

locate the corresponding lbvserver and set the persistenceType parameter to

COOKIEINSERT.

To disable session persistence, you set the same parameter to the NONE

value.

Besides “HTTP COOKIE” persistence, NetScaler supports the following

persistence types:

SOURCE IP

SSL SESSION ID

RULE (any NetScaler expression)

URLPASSIVE

DESTINATION IP

SOURCE IP DESTINATION IP

listen lb-4532 206.55.130.2:80

mode http

balance leastconn

cookie cookie-4532 insert indirect

server node-271 10.1.1.1:80 cookie server1

server node-563 10.1.1.2:8080 cookie server2

set lb vserver lb-4532 –persistenceType INSERTCOOKIE

set lb vserver lb-4532 –persistenceType NONE

20

CALL ID

RTSP SID

CUSTOM SERVER ID

Connection Logging 2.10.

2.10.1. Enable or Disable Connection Logging on a Load

Balancer

Example: Enable connection logging: XML

URI: /loadbalancers/4532/connectionlogging

Request:

HA Proxy

On HAProxy, you use the option httplog to enable HTTP-style (CLF format)

logging in the listen section corresponding to the load balancer.


PUT /loadbalancers/loadBalance

rId/connectionlogging

Enable or Disable

connection logging

XML, JSON

listen lb-4532 206.55.130.2:80

mode http

balance leastconn

option httplog clf

server node-271 10.1.1.1:80

server node-563 10.1.1.2:8080


<connectionLogging xmlns="http://docs.openstack.org/loadbalancers/api/v1.0" enabled="true"/>

21

HAProxy uses Linux syslog daemon to store its logs.

NetScaler (CLI)

For HTTP logging, you need to enable WebLogging on NetScaler (W3C

format) by editing the log.conf file and adding the following directives:

Then start the WebLogging daemon on NetScaler as follows:

To disable HTTP logging, stop the WebLogging daemon.

Note: At the current time, HTTP (Web) logging configuration in NetScaler is global and

cannot be enabled per lbvserver.

For logging TCP connections, NetScaler makes use of audit policies. These

audit policies can then be bound to the lbvserver corresponding to the load-

balancer to enable TCP logging for the corresponding load balancer.

The following example shows creating a policy to log TCP events to syslog,

and then binding this policy to the lbvserver corresponding to the load

balancer.

begin default

logFormat W3C

logInterval Daily

logFilenameFormat Ex%{%y%m%d}t.log

end default

> nswl –start –f <location of log.conf file>

add audit syslogAction tcplogAction-4532 127.0.0.1 –logLevel INFORMATION –

tcp ALL

add audit syslogpolicy tcplogPolicy-4532 ns_true tcplogAction-4532

bind lb vserver lb-4532 –policy tcplogPolicy-4532 –priority 10

22

Connection Throttling 2.11.

2.11.1. Update Connection Throttling configuration

Example: Update configuration of connection throttling: XML

URI: /loadbalancers/4532/connectionthrottle

Request:

HA Proxy

On HAProxy, you use various directives to enable connection throttling per

source IP address.

The following example shows connection throttling allowing a maximum of 50

requests every second per source IP address. Beyond that, connections are

refused to prevent abuse.


PUT /loadbalancers/loadBalancerId/connectionthrottle

Update configuration of connection

throttling

XML, JSON

listen lb-4532 206.55.130.2:80

mode http

balance leastconn

# declare table to store rate (connections/s) per source IP

stick-table type ip size 1m expire 5m store http_req_rate(1s)

# enable tracking of connections on VIP from each source IP.

tcp-request content track-sc1 src

#boolean expression: true if connection rate is above limit (50).

acl above_rate sc1_http_req_rate gt 50

#reject connections if the expression above_rate is true

tcp-request content reject if above_rate

server node-271 10.1.1.1:80

server node-563 10.1.1.2:8080


<connectionThrottle xmlns="http://docs.openstack.org/loadbalancers/api/v1.0"

maxConnectionRate="50" rateInterval="1" />

23

In addition to requests/second, HAProxy can track connections/second. The

action to be taken when rate is exceeded is configurable.

HAProxy can also rate limit the number of connections accepted on a VIP per

second (considering all clients) using the “rate-limit sessions <number>”

directive. It can also limit the overall total number of connections on a VIP

using the “maxconn <directive>” directive.

Summary of Connection Throttling mapping to HAProxy

Connection Throttling HA Proxy directives

maxRequestRate Track client source IP by using

directive “tcp-request content

track-sc1 src”. Use acl directive to

define expression of rate together

with tcp-request content reject

to drop connections that exceed that rate.

rateInterval Define a stick-table and specify

rateInterval as a http_req_rate

parameter

NetScaler (CLI)

On Netscaler, the LB service would make use of the rate-limiting feature to

create a limitSelector to track source IP addresses and a limitIdentifier where

you specify the required rate limits. You then use this limitIdentifier in a

responder policy to drop connections from a client when the rate is exceeded

from a certain source IP. Finally you bind the policy to the lbvserver

corresponding to the load balancer.

NetScaler limitIdentifier can also be used to track max concurrent

connections (although not per time interval) as well as requests/second as

we used it in the example above.

Also, what is selected for tracking is not limited to client source IPs. It can be

any part or characteristic of the client request, including content of request,

add ns limitSelector client_src_ip CLIENT.IP.SRC

add ns limitIdentifier above_rate -threshold 50 –mode REQUEST_RATE -

selectorName client_src_ip

add responder policy rate_policy SYS.CHECK_LIMIT("above_rate") DROP

bind lb vserver lb-4532 –policy rate_policy –priority 10

24

destination IP address, time of day, etc. If a connection or a request matches

the criteria, it is counted for the purpose of rate limiting. The action to take

when the rate limit is exceeded can be based on any of the NetScaler policies

(cache, respond, content switch, rewrite, filter, etc.).

Summary of Connection Throttling mapping to NetScaler

Connection Throttling NetScaler rate-limiting

maxRequestRate

Define a limitSelector that tracks client source IP. Then define a

limiteIdentifier that uses the selector, and specify mode as REQUEST_RATE

and specify in the threshold the number of requests to admit per second.

rateInterval

Not needed. The threshold is implicitly per second. So, the value to

be specified for threshold should be

maxRequestRate/rateInterval.

Load Balancing Protocols 2.12.

HA Proxy

HAProxy supports HTTP and TCP protocols. You specify the load-balanced

protocol in HAProxy using the mode directive which can take the values http

or tcp.

For HTTPS (and SSL in general), as well as other non-HTTP protocols (SMTP,

LDAP, etc.), the “tcp” mode is used.


GET /loadbalancers/protocols List all supported load balancing protocols

listen lb-4532 206.55.130.2:80

mode tcp

balance roundrobin server node-271 10.1.1.1:80 server node-563 10.1.1.2:8080

25

NetScaler (CLI)

NetScaler also supports HTTP and TCP protocols.

When you create an lbvserver, you need to specify the protocol, which can

take any of the following values in NetScaler:

1. HTTP

2. TCP

3. SSL

4. SSL_BRIDGE

5. SSL_TCP

6. FTP

7. MYSQL

8. MSSQL

9. RDP

10.RTSP

11.RADIUS

12.SIP_UDP

13.NNTP

14.DNS

15.DNS_TCP

16.UDP

17.ANY

Load Balancing Algorithms 2.13.


GET /loadbalancers/algorithms List all supported load

balancing algorithms

add lb vserver a-new-loadbalancer <protocol> 206.55.130.2 80

26

HA Proxy

HAProxy supports ROUND_ROBIN and LEAST_CONNECTIONS algorithms.

Below is the full list of supported Load Balancing Algorithms:

1. roundrobin- Round Robin

2. leastconn – Least Connections

3. source – Hash of the Source IP address

4. uri – Hash of the URI (path)

5. url_param - Based on value of URL parameter

6. hdr(name) – Based on the value of a request header

7. RDP-cookie(name) - Based on the cookie found in RDP protocol

(specific to Microsoft RDP protocol)

NetScaler (CLI)

OpenStack LB algorithms map in NetScaler as follows:

Load Balancer Algorithm LB vserver method

ROUND_ROBIN roundrobin

LEAST_CONNECTIONS leastconnection

The full list of Load Balancing Algorithms supported by NetScaler:

1. ROUND ROBIN

2. LEAST CONNECTIONS

3. LEAST RESPONSE TIME

4. URL HASH

5. DOMAIN HASH

6. DESTINATION IP HASH

7. SOURCE IP HASH

8. LEAST BANDWIDTH

9. LEAST PACKETS

10.SOURCE IP DESTINATION IP HASH

11.SOURCE IP SOURCE PORT HASH

12.CALL ID HASH

13.LRTM (LEAST CONNECTIONS taking response time into account)

listen lb-4532 206.55.130.2:80

mode http

balance url_param userid server node-271 10.1.1.1:80 server node-563 10.1.1.2:8080

27

14.CUSTOM LOAD

Below is the command for creating an lbvserver that uses round-robin as the

load balancing algorithm

Load Balancer Status 2.14.

Table: Load Balancer Statuses

Name Description

ACTIVE Load balancer is configured properly and ready to serve traffic to incoming requests via the configured virtual

IPs

BUILD Load balancer is being provisioned for

the first time and configuration is being applied to bring the service

online. The service will not yet be ready to serve incoming requests.

PENDING_UPDATE Load balancer is online, but configuration changes are being applied to update the service based

on a previous request.

PENDING_DELETE Load balancer is online, but

configuration changes are being applied to begin deletion of the

service based on a previous request.

SUSPENDED Load balancer has been taken offline

and disabled

ERROR The system encountered an error when attempting to configure the

load balancer

HA Proxy

HAProxy is a Linux process, and therefore the LB service has to monitor its

status (if the process is working properly).

Typical deployments on Linux use keepalived or heartbeat daemon to

restart the HAProxy process if it stops.

add lb vserver a-new-loadbalancer http 206.55.130.2 80 –lbmethod roundrobin

28

To disable a load balancer, the LB service would need to remove the

corresponding “listen” section from HAProxy config file, and restart the

process with the new config file. There is no admin command to ask HAProxy

to stop listening on specific IP addresses.

NetScaler (CLI)

On NetScaler to find out the current status of the lb vserver corresponding to

the load balancer, you use the command “show lb vserver”. An output of the

execution of this command is shown below:

The status of the lb vserver can be either UP, DOWN or OUT OF SERVICE

(when explicitly disabled).

The lb vserver status can be used by the LB service to deduce the status of

the corresponding load balancer.

Load Balancer status Lb vserver state

ACTIVE UP

BUILD -

PENDING_UPDATE -

PENDING_DELETE -

SUSPENDED OUT OF SERVICE

ERROR -

29

Node Condition 2.15.

Every node is the load balancer has an associated condition which

determines its role within the load balancer.

Table: Load Balancer Node Conditions

Name Description

ENABLED Node is permitted to accept new connections

DISABLED Node is not permitted to accept any new connections regardless of session persistence configuration.

Existing connections are forcibly terminated.

HAProxy

On HAProxy you change the condition of a node by enabling/disabling the

corresponding server using a “stats admin socket” to issue the following

admin commands to HAProxy on a Unix socket.

Where “DISABLE” mode on HA Proxy is really a “draining” mode: it doesn’t

kill existing connections being serviced by that node, it simply stops the node

for receiving new connections.

NetScaler (CLI)

On NetScaler you change the condition of a node by enabling/disabling the

corresponding service.

enable service node-271

disable service node-563

disable server node-563

enable server node-271

30

You can also disable the service with a delay during which requests for

existing sessions (when session persistence is used) are still sent to the

service, but requests from new clients are not. After the delay, no new

requests are sent to the service (regardless of persistence).

Below is an example of delaying the service disabling by 5mn.

In the latest NetScaler release (9.3), you can also disable services gracefully:

The service will stay UP as long as there are existing connections established.

No new connections however are accepted. This is useful for TCP protocols

with long-lived connections (e.g. SMTP, etc.). This would correspond to a

“draining” mode.

The LB service can discover the current status of a node by finding out the

status of its corresponding service using the command “show service

<servicename>”. The output is similar to the one shown for the lbvserver

above.

disable service node-563 300

disable service node-563 –graceFul YES

mapping of openstack load balancing api€¦ · interface or using a soap (xmlapi) or rest (nitro)...

Documents